CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/09 6:16 p.m.•22 views

CVE-2026-8190

A vulnerability was determined in Wavlink NU516U1 M16U1V240425. Affected by this issue is the function wan of the file /cgi-bin/adm.cgi. This manipulation of the argument pppusername/ppppasswd/rwanip/rwanmask/rwangateway is directly passed by the attacker/so we can control the...

8.8CVSS0.05344EPSS

ATTACKERKB•added 2026/05/09 6:15 p.m.•9 views

CVE-2026-8191

A vulnerability was identified in Wavlink NU516U1 M16U1V240425. This affects the function wifiregion of the file /cgi-bin/adm.cgi. Such manipulation of the argument skiplist1/skiplist2 leads to os command injection. The attack can be launched remotely. The exploit is publicly available and might ...

6.5CVSS6.5AI score0.05344EPSS

NVD•added 2026/05/09 5:16 p.m.•12 views

CVE-2026-8189

A vulnerability was found in Wavlink NU516U1 M16U1V240425. Affected by this vulnerability is the function wzdrepeater of the file /cgi-bin/adm.cgi. The manipulation of the argument wlanbssid/selAutomode/selEncrypTyp results in os command injection. It is possible to launch the attack remotely. Th...

8.8CVSS0.04807EPSS

ATTACKERKB•added 2026/05/09 5:15 p.m.•11 views

CVE-2026-8190

6.5CVSS6.4AI score0.05344EPSS

Cvelist•added 2026/05/09 5:15 p.m.•37 views

CVE-2026-8190 Wavlink NU516U1 adm.cgi wan os command injection

6.5CVSS0.05344EPSS

NVD•added 2026/05/09 4:16 p.m.•12 views

CVE-2026-8188

A vulnerability has been found in Wavlink NU516U1 M16U1V240425. Affected is the function changewifipassword of the file /cgi-bin/adm.cgi. The manipulation of the argument wlchannel/wlPass/EncrypType leads to os command injection. It is possible to initiate the attack remotely. The exploit has bee...

8.8CVSS0.05454EPSS

Cvelist•added 2026/05/09 4:15 p.m.•39 views

CVE-2026-8189 Wavlink NU516U1 adm.cgi wzdrepeater os command injection

6.5CVSS0.04807EPSS

ATTACKERKB•added 2026/05/09 4:15 p.m.•7 views

CVE-2026-8189

6.5CVSS6.3AI score0.04807EPSS

ATTACKERKB•added 2026/05/09 3:15 p.m.•9 views

CVE-2026-8188

6.5CVSS5.5AI score0.05454EPSS

EUVD•added 2026/05/09 3:15 p.m.•11 views

EUVD-2026-28915

6.5CVSS5.5AI score0.05454EPSS

CVE•added 2026/05/09 3:15 p.m.•22 views

CVE-2026-8188

The CVE-2026-8188 entries describe a vulnerability in Wavlink NU516U1 M16U1_V240425 where the change_wifi_password function in /cgi-bin/adm.cgi is exploitable via OS command injection. The issue stems from manipulating input parameters wl_channel, wl_Pass, or EncrypType, enabling remote execution...

8.8CVSS6.3AI score0.05454EPSS

Exploits1References4Affected Software1

NVD•added 2026/05/09 9:16 a.m.•35 views

CVE-2026-3828

Some Hikvision switch products discontinued since December 2023 are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leadi...

7.2CVSS0.00842EPSS

Cvelist•added 2026/05/09 8:27 a.m.•65 views

CVE-2026-3828

7.2CVSS0.00842EPSS

EUVD•added 2026/05/09 8:27 a.m.•11 views

EUVD-2026-28908

CVE•added 2026/05/09 8:27 a.m.•22 views

CVE-2026-3828

The CVE affects some Hikvision switch products (discontinued since December 2023) and is caused by insufficient input validation enabling authenticated remote command execution. With valid credentials, an attacker can send crafted packets containing malicious commands to affected devices, resulti...

Vulnrichment•added 2026/05/09 8:27 a.m.•6 views

CVE-2026-3828

Positive Technologies•added 2026/05/09 12:0 a.m.•11 views

PT-2026-39325

Name of the Vulnerable Software and Affected Versions Hikvision switch products affected versions not specified Description Certain Hikvision switch products, discontinued since December 2023, contain a flaw allowing authenticated remote command execution. This issue stems from insufficient input...